@reclaimprotocol/attestor-core 5.0.4 → 5.0.5

package/lib/utils/http-parser.js

@@ -1,246 +0,0 @@
-import { asciiToUint8Array, concatenateUint8Arrays } from '@reclaimprotocol/tls';
-import { findIndexInUint8Array, uint8ArrayToStr } from "./generics.js";
-import { REDACTION_CHAR_CODE } from "./redactions.js";
-const HTTP_HEADER_LINE_END = asciiToUint8Array('\r\n');
-/**
- * parses http/1.1 responses
- */
-export function makeHttpResponseParser() {
-    /** the HTTP response data */
-    const res = {
-        statusCode: 0,
-        statusMessage: '',
-        headers: {},
-        body: new Uint8Array(),
-        complete: false,
-        headersComplete: false,
-        headerIndices: new Map(),
-        headerEndIdx: 0
-    };
-    let remainingBodyBytes = 0;
-    let isChunked = false;
-    let remaining = new Uint8Array();
-    let currentByteIdx = 0;
-    return {
-        res,
-        /**
-         * Parse the next chunk of data
-         * @param data the data to parse
-         */
-        onChunk(data) {
-            // concatenate the remaining data from the last chunk
-            remaining = concatenateUint8Arrays([remaining, data]);
-            // if we don't have the headers yet, keep reading lines
-            // as each header is in a line
-            if (!res.headersComplete) {
-                for (let line = getLine(); typeof line !== 'undefined'; line = getLine()) {
-                    // first line is the HTTP version, status code & message
-                    if (!res.statusCode) {
-                        const [, statusCode, statusMessage] = line.match(/HTTP\/\d\.\d (\d+) (.*)/) || [];
-                        res.statusCode = Number(statusCode);
-                        res.statusMessage = statusMessage;
-                        res.statusLineEndIndex = currentByteIdx - HTTP_HEADER_LINE_END.length;
-                    }
-                    else if (line === '') { // empty line signifies end of headers
-                        res.headersComplete = true;
-                        res.headerEndIdx = currentByteIdx - 4;
-                        // if the response is chunked, we need to process the body differently
-                        if (res.headers['transfer-encoding']?.includes('chunked')) {
-                            isChunked = true;
-                            res.chunks = [];
-                            break;
-                            // if the response has a content-length, we know how many bytes to read
-                        }
-                        else if (res.headers['content-length']) {
-                            remainingBodyBytes = Number(res.headers['content-length']);
-                            break;
-                        }
-                        else {
-                            remainingBodyBytes = -1;
-                            break;
-                            // otherwise,
-                            // no content-length, no chunked transfer encoding
-                            // means wait till the stream ends
-                            // https://stackoverflow.com/a/11376887
-                        }
-                    }
-                    else if (!res.complete) { // parse the header
-                        const [key, value] = line.split(': ');
-                        res.headers[key.toLowerCase()] = value;
-                        res.headerIndices[key.toLowerCase()] = {
-                            fromIndex: currentByteIdx - line.length - HTTP_HEADER_LINE_END.length,
-                            toIndex: currentByteIdx - HTTP_HEADER_LINE_END.length
-                        };
-                    }
-                    else {
-                        throw new Error('got more data after response was complete');
-                    }
-                }
-            }
-            if (res.headersComplete) {
-                if (remainingBodyBytes) {
-                    readBody();
-                    // if no more body bytes to read,
-                    // and the response was not chunked we're done
-                    if (!remainingBodyBytes && !isChunked) {
-                        res.complete = true;
-                    }
-                }
-                if (res.headers['content-length'] === '0') {
-                    res.complete = true;
-                }
-                if (isChunked) {
-                    for (let line = getLine(); typeof line !== 'undefined'; line = getLine()) {
-                        if (line === '') {
-                            continue;
-                        }
-                        const chunkSize = Number.parseInt(line, 16);
-                        // if chunk size is 0, we're done
-                        if (!chunkSize) {
-                            res.complete = true;
-                            continue;
-                        }
-                        res.chunks?.push({
-                            fromIndex: currentByteIdx,
-                            toIndex: currentByteIdx + chunkSize,
-                        });
-                        // otherwise read the chunk
-                        remainingBodyBytes = chunkSize;
-                        readBody();
-                        // if we read all the data we had,
-                        // but there's still data left,
-                        // break the loop and wait for the next chunk
-                        if (remainingBodyBytes) {
-                            break;
-                        }
-                    }
-                }
-            }
-        },
-        /**
-         * Call to prevent further parsing; indicating the end of the request
-         * Checks that the response is valid & complete, otherwise throws an error
-         */
-        streamEnded() {
-            if (!res.headersComplete) {
-                throw new Error('stream ended before headers were complete');
-            }
-            if (remaining.length) {
-                throw new Error('stream ended before remaining data arrived');
-            }
-            if (remainingBodyBytes > 0) {
-                throw new Error('stream ended before all body bytes were received');
-            }
-            res.complete = true;
-        }
-    };
-    function readBody() {
-        if (res.complete) {
-            throw new Error('got more data after response was complete');
-        }
-        if (!res.bodyStartIndex) {
-            res.bodyStartIndex = currentByteIdx;
-        }
-        let bytesToCopy;
-        if (remainingBodyBytes === -1) {
-            // all bytes are body bytes
-            bytesToCopy = remaining.length;
-        }
-        else {
-            // take the number of bytes we need to read, or the number of bytes remaining
-            // and append to the bytes of the body
-            bytesToCopy = Math.min(remainingBodyBytes, remaining.length);
-            remainingBodyBytes -= bytesToCopy;
-        }
-        res.body = concatenateUint8Arrays([
-            res.body,
-            remaining.slice(0, bytesToCopy)
-        ]);
-        remaining = remaining.slice(bytesToCopy);
-        currentByteIdx += bytesToCopy;
-    }
-    function getLine() {
-        // find end of line, if it exists
-        // otherwise return undefined
-        const idx = findIndexInUint8Array(remaining, HTTP_HEADER_LINE_END);
-        if (idx === -1) {
-            return undefined;
-        }
-        const line = uint8ArrayToStr(remaining.slice(0, idx));
-        remaining = remaining.slice(idx + HTTP_HEADER_LINE_END.length);
-        currentByteIdx += idx + HTTP_HEADER_LINE_END.length;
-        return line;
-    }
-}
-/**
- * Read the HTTP request from a TLS receipt transcript.
- * @param receipt the transcript to read from or application messages if they were extracted beforehand
- * @returns the parsed HTTP request
- */
-export function getHttpRequestDataFromTranscript(receipt) {
-    const clientMsgs = receipt
-        .filter(s => s.sender === 'client');
-    // if the first message is redacted, we can't parse it
-    // as we don't know what the request was
-    if (clientMsgs[0].message[0] === REDACTION_CHAR_CODE) {
-        throw new Error('First client message request is redacted. Cannot parse');
-    }
-    const request = {
-        method: '',
-        url: '',
-        protocol: '',
-        headers: {}
-    };
-    let requestBuffer = concatenateUint8Arrays(clientMsgs.map(m => m.message));
-    // keep reading lines until we get to the end of the headers
-    for (let line = getLine(); typeof line !== 'undefined'; line = getLine()) {
-        if (line === '') {
-            break;
-        }
-        if (!request.method) {
-            const [, method, url, protocol] = line.match(/(\w+) (.*) (.*)/) || [];
-            request.method = method.toLowerCase();
-            request.url = url;
-            request.protocol = protocol;
-        }
-        else {
-            let keyIdx = line.indexOf(':');
-            if (keyIdx === -1) {
-                keyIdx = line.length - 1;
-            }
-            const key = line.slice(0, keyIdx)
-                .toLowerCase()
-                .trim();
-            const value = line.slice(keyIdx + 1)
-                .trim();
-            const oldValue = request.headers[key];
-            if (typeof oldValue === 'string') {
-                request.headers[key] = [oldValue, value];
-            }
-            else if (Array.isArray(oldValue)) {
-                oldValue.push(value);
-            }
-            else {
-                request.headers[key] = value;
-            }
-        }
-    }
-    //the rest is request body
-    if (requestBuffer.length) {
-        request.body = requestBuffer;
-    }
-    if (!request.method) {
-        throw new Error('Client request is incomplete');
-    }
-    return request;
-    function getLine() {
-        const idx = findIndexInUint8Array(requestBuffer, HTTP_HEADER_LINE_END);
-        if (idx === -1) {
-            return undefined;
-        }
-        const line = uint8ArrayToStr(requestBuffer.slice(0, idx));
-        requestBuffer = requestBuffer
-            .slice(idx + HTTP_HEADER_LINE_END.length);
-        return line;
-    }
-}

package/lib/utils/index.js

@@ -1,13 +0,0 @@
-export * from "./generics.js";
-export * from "./logger.js";
-export * from "./redactions.js";
-export * from "./http-parser.js";
-export * from "./zk.js";
-export * from "./claims.js";
-export * from "./error.js";
-export * from "./prepare-packets.js";
-export * from "./signatures/index.js";
-export * from "./auth.js";
-export * from "./b64-json.js";
-export * from "./bgp-listener.js";
-export * from "./tls.js";

package/lib/utils/logger.js

@@ -1,91 +0,0 @@
-import { pino, stdTimeFunctions } from 'pino';
-import { getEnvVariable } from "./env.js";
-const PII_PROPERTIES = ['ownerPrivateKey', 'secretParams'];
-const redactedText = '[REDACTED]';
-const envLevel = getEnvVariable('LOG_LEVEL');
-export let logger = pino();
-makeLogger(false, envLevel);
-/**
- * Creates a logger instance with optional redaction of PII.
- * Replaces default logger
- * See PII_PROPERTIES for the list of properties that will be redacted.
- *
- * @param redactPii - whether to redact PII from logs
- * @param level - the log level to use
- * @param onLog - a callback to call when a log is written
- */
-export function makeLogger(redactPii, level, onLog) {
-    const opts = {
-        // Log human readable time stamps instead of epoch time
-        timestamp: stdTimeFunctions.isoTime,
-    };
-    if (redactPii) {
-        opts.formatters = { log: redact };
-        opts.serializers = { redact };
-        opts.browser = {
-            write: {
-                fatal: log => writeLog('fatal', log),
-                error: log => writeLog('error', log),
-                warn: log => writeLog('warn', log),
-                info: log => writeLog('info', log),
-                debug: log => writeLog('debug', log),
-                trace: log => writeLog('trace', log),
-            }
-        };
-    }
-    const pLogger = pino(opts);
-    pLogger.level = level || 'info';
-    logger = pLogger;
-    return pLogger;
-    function writeLog(level, log) {
-        log = redact(log);
-        const { msg, ...obj } = log;
-        if (console[level]) {
-            console[level](obj, msg);
-        }
-        else {
-            console.log(obj, msg);
-        }
-        onLog?.(level, log);
-    }
-}
-function isObjectProperty(property) {
-    return (typeof property) === 'object'
-        && !Array.isArray(property)
-        && property !== null;
-}
-function getReplacer() {
-    // Store references to previously visited objects
-    const references = new WeakSet();
-    return function (key, value) {
-        const isObject = (typeof value) === 'object' && value !== null;
-        if (isObject) {
-            if (references.has(value)) {
-                return '[CIRCULAR]';
-            }
-            references.add(value);
-        }
-        return value;
-    };
-}
-export function redact(json) {
-    const isObject = isObjectProperty(json);
-    if (!isObject && !Array.isArray(json)) {
-        return json;
-    }
-    const redacted = JSON.parse(JSON.stringify(json, getReplacer()));
-    for (const prop in redacted) {
-        if (PII_PROPERTIES.includes(prop)) {
-            redacted[prop] = redactedText;
-        }
-        if (Array.isArray(redacted[prop])) {
-            for (const [index, value] of redacted[prop].entries()) {
-                redacted[prop][index] = redact(value);
-            }
-        }
-        else if (isObjectProperty(redacted[prop])) {
-            redacted[prop] = redact(redacted[prop]);
-        }
-    }
-    return redacted;
-}

package/lib/utils/prepare-packets.js

@@ -1,62 +0,0 @@
-import { concatenateUint8Arrays, crypto } from '@reclaimprotocol/tls';
-import { TranscriptMessageSenderType } from "../proto/api.js";
-import { makeZkProofGenerator } from "./zk.js";
-/**
- * Prepares the packets for reveal to the server
- * according to the specified reveal type
- */
-export async function preparePacketsForReveal(tlsTranscript, reveals, { onZkProgress, ...opts }) {
-    const transcript = [];
-    const proofGenerator = await makeZkProofGenerator(opts);
-    let zkPacketsDone = 0;
-    await Promise.all(tlsTranscript.map(async ({ message, sender }, i) => {
-        const msg = {
-            sender: sender === 'client'
-                ? TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT
-                : TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER,
-            message: message.data,
-            reveal: undefined
-        };
-        transcript.push(msg);
-        const reveal = reveals.get(message);
-        if (!reveal || message.type === 'plaintext') {
-            return;
-        }
-        switch (reveal?.type) {
-            case 'complete':
-                msg.reveal = {
-                    directReveal: {
-                        key: await crypto.exportKey(message.encKey),
-                        iv: message.fixedIv,
-                        recordNumber: message.recordNumber,
-                    },
-                };
-                break;
-            case 'zk':
-                // the redacted section can be smaller than the actual
-                // plaintext encrypted, in case of TLS1.3 as it has a
-                // content type suffix
-                reveal.redactedPlaintext = concatenateUint8Arrays([
-                    reveal.redactedPlaintext,
-                    message.plaintext.slice(reveal.redactedPlaintext.length)
-                ]);
-                await proofGenerator.addPacketToProve(message, reveal, (proofs, toprfs) => (msg.reveal = { zkReveal: { proofs, toprfs } }), () => {
-                    const next = tlsTranscript
-                        .slice(i + 1)
-                        .find(t => t.sender === sender);
-                    return next?.message;
-                });
-                break;
-            default:
-                // no reveal
-                break;
-        }
-    }));
-    const zkPacketsTotal = proofGenerator.getTotalChunksToProve();
-    onZkProgress?.(zkPacketsDone, zkPacketsTotal);
-    await proofGenerator.generateProofs(() => {
-        zkPacketsDone += 1;
-        onZkProgress?.(zkPacketsDone, zkPacketsTotal);
-    });
-    return transcript;
-}

package/lib/utils/redactions.js

@@ -1,148 +0,0 @@
-import { base64Encode } from '@bufbuild/protobuf/wire';
-import { concatenateUint8Arrays } from '@reclaimprotocol/tls';
-export const REDACTION_CHAR = '*';
-export const REDACTION_CHAR_CODE = REDACTION_CHAR.charCodeAt(0);
-/**
- * Check if a redacted string is congruent with the original string.
- * @param redacted the redacted content, redacted content is replaced by '*'
- * @param original the original content
- */
-export function isRedactionCongruent(redacted, original) {
-    // eslint-disable-next-line unicorn/no-for-loop
-    for (let i = 0; i < redacted.length; i++) {
-        const element = redacted[i];
-        const areSame = element === original[i]
-            || (typeof element === 'string' && element === REDACTION_CHAR)
-            || (typeof element === 'number' && element === REDACTION_CHAR_CODE);
-        if (!areSame) {
-            return false;
-        }
-    }
-    return true;
-}
-/**
- * Is the string fully redacted?
- */
-export function isFullyRedacted(redacted) {
-    for (const element of redacted) {
-        if (element !== REDACTION_CHAR
-            && element !== REDACTION_CHAR_CODE) {
-            return false;
-        }
-    }
-    return true;
-}
-/**
- * Given some plaintext blocks and a redaction function, return the blocks that
- * need to be revealed to the other party
- *
- * Use case: we get the response for a request in several blocks, and want to redact
- * pieces that go through multiple blocks. We can use this function to get the
- * blocks that need to be revealed to the other party
- *
- * @example if we received ["secret is 12","345","678. Thanks"]. We'd want
- * to redact the "12345678" and reveal the rest. We'd pass in the blocks and
- * the redact function will return the redactions, namely [10,19].
- * The function will return the blocks ["secret is **","***. Thanks"].
- * The middle block is fully redacted, so it's not returned
- *
- * @param blocks blocks to reveal
- * @param redact function that returns the redactions
- * @returns blocks to reveal
- */
-export async function getBlocksToReveal(blocks, redact, performOprf) {
-    const slicesWithReveal = blocks.map(block => ({
-        block,
-        // copy the plaintext to avoid mutating the original
-        redactedPlaintext: new Uint8Array(block.plaintext)
-    }));
-    const total = concatenateUint8Arrays(blocks.map(b => b.plaintext));
-    const redactions = redact(total);
-    if (!redactions.length) {
-        return 'all';
-    }
-    let blockIdx = 0;
-    let cursorInBlock = 0;
-    let cursor = 0;
-    for (const redaction of redactions) {
-        await redactBlocks(redaction);
-    }
-    // only reveal blocks that have some data to reveal,
-    // or are completely plaintext
-    return slicesWithReveal
-        .filter(s => !isFullyRedacted(s.redactedPlaintext));
-    async function redactBlocks(slice) {
-        while (cursor < slice.fromIndex) {
-            advance();
-        }
-        if (slice.hash) {
-            const plaintext = total.slice(slice.fromIndex, slice.toIndex);
-            const { nullifier, responses, mask } = await performOprf(plaintext);
-            // set the TOPRF claim on the first blocks this
-            // redaction covers
-            const toprf = {
-                nullifier,
-                responses,
-                dataLocation: {
-                    fromIndex: cursorInBlock,
-                    length: slice.toIndex - slice.fromIndex
-                },
-                mask,
-                plaintext
-            };
-            const startBlockIdx = blockIdx;
-            const block = slicesWithReveal[blockIdx];
-            block.toprfs ||= [];
-            block.toprfs.push(toprf);
-            const nullifierStr = binaryHashToStr(nullifier, toprf.dataLocation.length);
-            let i = 0;
-            let overshootLen = 0;
-            while (cursor < slice.toIndex) {
-                if (blockIdx !== startBlockIdx) {
-                    overshootLen += 1;
-                }
-                slicesWithReveal[blockIdx].redactedPlaintext[cursorInBlock]
-                    = nullifierStr.charCodeAt(i);
-                advance();
-                i += 1;
-            }
-            if (overshootLen) {
-                slicesWithReveal[blockIdx]
-                    .overshotToprfFromPrevBlock = { length: overshootLen };
-            }
-        }
-        while (cursor < slice.toIndex) {
-            slicesWithReveal[blockIdx]
-                .redactedPlaintext[cursorInBlock] = REDACTION_CHAR_CODE;
-            advance();
-        }
-    }
-    function advance() {
-        cursor += 1;
-        cursorInBlock += 1;
-        if (cursorInBlock >= blocks[blockIdx].plaintext.length) {
-            blockIdx += 1;
-            cursorInBlock = 0;
-        }
-    }
-}
-/**
- * Redact the following slices from the total
- */
-export function redactSlices(total, slices) {
-    const redacted = new Uint8Array(total);
-    for (const slice of slices) {
-        for (let i = slice.fromIndex; i < slice.toIndex; i++) {
-            redacted[i] = REDACTION_CHAR_CODE;
-        }
-    }
-    return redacted;
-}
-/**
- * Converts the binary hash to an ASCII string of the expected length.
- * If the hash is shorter than the expected length, it will be padded with
- * '0' characters. If it's longer, it will be truncated.
- */
-export function binaryHashToStr(hash, expLength) {
-    return base64Encode(hash).padEnd(expLength, '0').slice(0, expLength);
-}

package/lib/utils/retries.js

@@ -1,24 +0,0 @@
-/**
- * Execute a function, and upon failure -- retry
- * based on specified options.
- */
-export async function executeWithRetries(code, { maxRetries = 3, shouldRetry, logger, }) {
-    let retries = 0;
-    while (retries < maxRetries) {
-        try {
-            const result = await code(retries);
-            return result;
-        }
-        catch (err) {
-            retries += 1;
-            if (retries >= maxRetries) {
-                throw err;
-            }
-            if (!shouldRetry(err)) {
-                throw err;
-            }
-            logger.info({ err, retries }, 'retrying failed operation');
-        }
-    }
-    throw new Error('retries exhausted');
-}

package/lib/utils/signatures/eth.js

@@ -1,29 +0,0 @@
-import { utils, Wallet } from 'ethers';
-const { computeAddress, computePublicKey } = utils;
-export const ETH_SIGNATURE_PROVIDER = {
-    getPublicKey(privateKey) {
-        const pub = computePublicKey(privateKey, true);
-        return utils.arrayify(pub);
-    },
-    getAddress(publicKey) {
-        return computeAddress(publicKey).toLowerCase();
-    },
-    async sign(data, privateKey) {
-        const wallet = getEthWallet(privateKey);
-        const signature = await wallet.signMessage(data);
-        return utils.arrayify(signature);
-    },
-    async verify(data, signature, addressBytes) {
-        const address = typeof addressBytes === 'string'
-            ? addressBytes
-            : utils.hexlify(addressBytes);
-        const signerAddress = utils.verifyMessage(data, signature);
-        return signerAddress.toLowerCase() === address.toLowerCase();
-    }
-};
-function getEthWallet(privateKey) {
-    if (!privateKey) {
-        throw new Error('Private key missing');
-    }
-    return new Wallet(privateKey);
-}

package/lib/utils/signatures/index.js

@@ -1,7 +0,0 @@
-import { ServiceSignatureType } from "../../proto/api.js";
-import { ETH_SIGNATURE_PROVIDER } from "./eth.js";
-export const SIGNATURES = {
-    [ServiceSignatureType.SERVICE_SIGNATURE_TYPE_ETH]: ETH_SIGNATURE_PROVIDER,
-};
-export const SelectedServiceSignatureType = ServiceSignatureType.SERVICE_SIGNATURE_TYPE_ETH;
-export const SelectedServiceSignature = SIGNATURES[SelectedServiceSignatureType];